• redcalcium@lemmy.institute
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Regardless of who’s right or wrong in this dispute, it’s just another example of why getting deep into cloud vendor lock in is not great for your company. If you went balls deep into cloudflare’s offering, e.g. using cloudflare workers, kv, cloudflare access, etc, you can’t afford to get kicked out of cloudflare for any reason. What are you gonna do when their sales rep tells you to pay more this year? Refusing is not an option because it’ll screw your company hard.

    • jonne@infosec.pub
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      Yep, the recommendations at the end of the article are definitely worth following regardless.

  • tyler@programming.dev
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    someone commented on the article and better explained what is going on.

    This is a classic case of someone demonstrating themselves as being victimized in an effort to get others to sympathize with them. All the while, creating artificial ill will towards a vendor.
    
    Imagine the horror of a company trying to run a sustainable business model where they return a profit???!!!
    
    I read this and I see someone that's portraying their role in the situation as "we've done nothing wrong and they want to make us pay $120K to continue doing business." This requires peeling back the layers of the onion to see where the fault truly lies.
    
    Since you’re openly sharing domains/emails of who you spoke with at the vendor, surely you could share the domains you using for your business.
    
    If it’s a casino, it should be something we could go look at and become a customer of, right?
    
    I mean...who doesn’t love a little online gambling in the middle of the night, right?
    
    Why not come clean with the details of what they observed you doing to level the playing field?
    
    This following statement is utter BS and IMHO, discredits anything else you've shared:When we told them we were also in talks with Fastly, they suddenly "purged" all our domains, causing huge downtime in our core business, sleepless nights migrating away from CF, irreparable loss in customer trust and weeks of ongoing downtime in our internal systems.”
    
    Clearly your talking to Fastly had nothing to with your domains being purged.
    
    Your domains were purged because you were in violation of terms of service. Not because you were talking to a competitor.
    
    "Your account and domains were brought to our attention following intelligence of your account being involved in domain rotation activities, namely, activities to evade or otherwise circumvent blocks being placed on you by a third party."
    
    In other words, you allegedly knew there were attempts by third parties to place the Cloudflare owned IPs associated with your account on block lists. Cloudflare detected said alleged activities carried out by your organization to circumvent them from being added to block lists.
    
    And of course, this is all being done with IP addresses that belong to Cloudflare - not to you.
    
    Anyone that understands how Cloudflare works knows their IP address space is shared across all of their customers. I would hope they would care a lot about the reputation of their IP address space.
    
    Any actions that put their IP addresses at risk subsequently puts their other customers at risk.
    
    Had you been using BYOIP all along, this probably would not have even been an issue and you probably would still be on their platform.
    
    But BYOIP is only available to customers on an Enterprise plan so it isn't cheap.
    
    I guess it's a calculated risk on your part. What is the cost to your organization if it was blocked vs. the cost to your organization for services that provide you with the ability to do what you need with your own addresses?
    
    The email from support on 05/03/2024 informed you that you had 48 hours to provide them with what they requested or discontinue the activities:
    
    "Usage of Cloudflare services for this purpose is strictly prohibited, and we would request you provide information as to what your account and domains are being used for within the next 48 hours. Note that your account may be terminated should you fail to respond, or otherwise react to this notice."
    
    Based on what support said, they would have purged your domains on May 5th, had they followed what they said they were going to do.
    
    The log you shared show your domains were purged on 05/16/2024 - 13 days after the day they reached out to you.
    
    They were actually very generous seeing as how they provided an additional 11 days to get things under control and to move you to a plan that was more in line with your actual utilization and requirements.
    
    They kept up with their commitment until they determined you were in violation of the terms of service.
    
    Once you violate terms of service, it doesn’t matter who the provider is, the provider has every right to shut you down.
    
    This is all too typical. Most people do not realize how much bandwidth, infrastructure, colocation facilities, R&D, support, etc. cost. Even on a Business plan for $250/month I would have to think they were losing money on your account.
    
    Anyone can spend time going through the Cloudflare subreddit and read of the horrors of how they treated someone on a Free ($0)/Pro ($25)/Business ($250) plan.
    
    Pricing is not based sheerly on the amount of bandwidth consumed or data transferred. There is a wide range of factors that influence the price.
    
    It would be interesting to see what services Fastly required you to sign up for. Or how long you last on Fastly should you end up violating their TOS.
    
    Hopefully your risk management team has a contingency plan in place in the event that you get booted from Fastly as well.
    
    I don't think any of us want to see you go additional sleepless nights!
    
  • ResoluteCatnap@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    7 months ago

    So i recently learned that counting cards isn’t illegal-- its just that casinos will kick you out for counting cards. I’m sure that’s obvious to some people, but it was new to me. what i find interesting is that you can play a perfect game counting cards and still have a smaller chance of profit than the casino gets against normal people, yet they’ll treat you like you’re doing something illegal?

    Fuck casinos, especially online ones.

    Still a decent post to raise awareness about vendor lock in i guess

    • ringwraithfish@startrek.website
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      and in a stunning failure of corporate communication

      This is my main takeaway from this situation. Seems like the casino knew it was getting a deal too good to be true and CF went straight to strong arm tactics instead of inviting the other side to the table to discuss the issue and find a way forward that’s good for both parties.

  • macniel@feddit.de
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    7 months ago

    Lol get fucked. This time the House didn’t won, because they had to play with another houses rules. Good for CloudFlare.

  • moreeni@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    TL;DR

    A decently big casino, as you could guess from the article, was getting away with Cloudflare’s Business Plan (250$/month, which even the author in the post agrees was a “fairly low price”, likely downplaying it).

    The Cloudflare team reached out to them to let them know their usage does not fit into the tier anymore and they need to pay the custom price of an Enterprise plan, which may, or may not have been fair since the author does not provide any relevant data, because they were cut off from the stats since they had their account terminated.

    The casino refused and indicated they are at talks with Fastly, which was a stupid thing to tell to the CF team, because on their end it was looking like “yeah, we’re going to keep freeloading until we move to another company”, so they decided to terminate the casino’s account.

    The story taught the author not to rely on proprietary services. I hope it might also teach them not to rely on any service if they are getting away with a price that is way too cheap for the resources they consume.

    • troed@fedia.io
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      With all that said, Cloudflare has shown that they cannot be relied upon. No business can work with a supplier that will just suddenly cut you off without there being some clear breach of contract and the possibility to clear things up.

      The behavior from Cloudflare shown here is what you expect from some shady Russian “cheapo SaaS for you!”-provider.

      • null@slrpnk.net
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        without there being some clear breach of contract and the possibility to clear things up.

        Sounds like that’s exactly what happened?

        • troed@fedia.io
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          What part of their existing plan were they in breach of? And why was there no description of what difference in cost there would be for different usage once they were told of the plan Cloudflare considered right for them?

          • wahming@monyet.cc
            link
            fedilink
            English
            arrow-up
            0
            ·
            7 months ago

            This is one side of the story. It’s entirely possible CF did provide those details

      • macniel@feddit.de
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        When you don’t play by their rules and freeload the shit out of their plan and thus violate their terms of service… yeah Termination happens, tough love.

        • HakFoo@lemmy.sdf.org
          link
          fedilink
          arrow-up
          0
          ·
          7 months ago

          I think there would be more sympathy if Cloudflare pointed to a specific limit breached and proposed ways to get into compliance at their current price plan.

          “Service XYZ is now consuming 500% of expected quota. Shut it down or we need to get you on a bigger plan.” is actionable and meaningful, and feels a little less like a shakedown.

          I’m sick of “unlimited” services that really mean “there’s a limit but we aren’t going to say what it is.” By that standard, freaking mobile telecoms are far more transparent and good-faith players!

          Perhaps this also represents a failing in Cloudflare’s product matrix. Everyone loves the “contact sales for a bespoke enterprise plan” model, but you should be creating a clear road to it, and faux-unlimited isn’t it. Not everyone needs $random_enterprise_feature, so there’s value in a disclosed quota and pay-as-you-scale approach: the customer should be eager to reach out to your sales team because the enterprise plan should offer better value than off-the-rack options at high scale.

          • realbadat@programming.dev
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            Considering the way they presented what was obviously them trying to skirt the rules, it isn’t hard to believe that CF did provide that info, and it just wasn’t presented in this writeup.

            Not that I have any love for CF, just saying this is a case of no one being trustworthy.

          • macniel@feddit.de
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            I agree, there simply isnt “unlimited” services. Also I don’t see any mention of unlimited anything on CloudFlares tiered plans, maybe I’m blind.

            • redcalcium@lemmy.institute
              link
              fedilink
              arrow-up
              0
              ·
              7 months ago

              They don’t say unlimited, but they also won’t say the limit of their reverse proxy service. It’s intentionally vague.

      • tyler@programming.dev
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        No business can work with a supplier that will just suddenly cut you off without there being some clear breach of contract and the possibility to clear things up.

        I think they’re leaving out that they are breaching contract. Someone commented on their article calling them out for essentially getting CF’s IPs blacklisted. If this casino would switch to Enterprise then they would have to bring their own ips and it wouldn’t affect CF (since CF’s ips are shared across all customers)